1. You are in the process of migrating
your Windows NT 4.0 network to Windows Server 2003. The
network consists of several domains that are configured
in a complete trust domain model. All but one of the
domains is using Windows NT 4.0 primary and secondary
DNS servers for name resolution. The domain located in
Cincinnati is using UNIX DNS servers that run BIND version
8.2 for name resolution.
One of the domains using Windows NT 4.0 primary and
secondary DNS servers will be converted to server as
the forest root domain. The remaining domains will
become child domains. You want to integrate Windows
Server 2003 DNS servers with the UNIX primary DNS servers
in the Cincinnati domain.
Which of the following DNS strategies should you use
for the Cincinnati domain?
A. Standard primary zone
B. Standard secondary zone
C. Active Directory integrated zone
D. Delegated zone
Answer: B
In order to integrate Windows Server 2003 DNS servers
with the UNIX primary DNS servers, you must configure
the Windows Server 2003 DNS servers as secondary DNS
servers in that domain. BIND version 8.2, which is
UNIX's implementation of DNS, supports working with
Windows Server 2003 DNS servers.
Standard primary zones contain a primary DNS server
that is owner of a local zone file. Standard secondary
servers download read-only copies of the local zone
file. You would not want to configure a Windows Server
2003 DNS server in the Cincinnati domain as primary
DNS server.
Active Directory-integrated zones are DNS zones that
are integrated into Active Directory. You might want
to configure the other domains as Active Directory-integrated
zones.
Delegated zones are used to delegate management of
a DNS namespace throughout a domain.
Note: To use any implementation of DNS other than
Windows Server 2003, that DNS should support following
requirements:
1) It must support SRV Records (Service Resource Records). This requirement
is mandatory.
2) It may support DDNS (Dynamic DNS Updates). This is recommended.
3) It may support incremental zone transfer.
Objective 2: "Installing, Configuring, Managing,
Monitoring, and Troubleshooting DNS for Active Directory"
Chapter: 2
Objective: 2
2. You are in the process of designing the Active Directory DNS infrastructure
for your company's network. You have just migrated the network from
Windows NT 4.0 to Windows Server 2003. The network consists of a single
domain that included a Windows NT Server 4.0 primary DNS server and
a UNIX-based BIND 8.2 secondary DNS server.
You want to accomplish the following goals:
*The Windows Server 2003 DNS infrastructure should be compatible with
the BIND server.
*The Windows Server 2003 DNS infrastructure should support dynamic updates.
*The Windows Server 2003 DNS infrastructure should support incremental
zone transfers.
Which of the following actions should you take to
accomplish your goals using the least amount of administrative
effort? (Choose all that apply)
A. Create a delegated zone on a Windows Server 2003
computer.
B. Create a standard primary zone on a Windows Server 2003 computer.
C. Implement several caching-only DNS servers.
D. Create a secondary zone on the UNIX-based BIND DNS server.
Answer: B, D
By creating a standard primary zone on a Windows Server
2003 computer and creating a secondary zone on the
UNIX-based BIND DNS server, you will accomplish the
goals in this scenario. Berkeley Internet Name Domain
(BIND) versions 4.9.7 and later is compatible with
Windows Server 2003 DNS. BIND versions 8.1.2 and later
can work with dynamic updates. BIND 8.2 and later supports
incremental zone transfers.
Delegated zones are used to delegate management of
a DNS namespace throughout a domain.
Objective 2: "Installing, Configuring, Managing,
Monitoring, and Troubleshooting DNS for Active Directory"
3. You work as a network administrator for a company that has a single
Windows Server 2003 domain. There are three domain controllers in the
domain. During your monthly review of the network resources you notice
that Active Directory is taking up a considerable amount of space relative
to the number of objects within Active Directory. You want to reduce
the amount of space used by Active Directory.
Which of the following actions should you take accomplish
your objective using the least amount of administrative
effort?
A. Restart each domain controller in normal mode.
B. Perform an online defragmentation of Active Directory on each domain
controller.
C. Perform an offline defragmentation of Active Directory on each domain
controller.
D. Perform an offline defragmentation of Active Directory on a single
domain controller.
Answer: C
In order to reduce the amount of space that Active
Directory is using, you should perform an offline defragmentation
of Active Directory on each domain controller. Offline
defragmentation will create a compressed version of
the default database file of Active Directory. The
compressed state of this file (Ntds.dit) does not replicate
to other domain controllers. The space freed from the
compression of the Ntds.dit file will go back to the
file system. To perform an offline defragmentation
of Active Directory, start each domain controller in
Directory Services Restore mode and use NTDSUTIL to
defrag the database.
Online defragmentation happens automatically every 12 hours by default.
Online defragmentation frees space within Active Directory in order for
more objects to be created. However, online defragmentation does not
give the space back to the file system.
Starting the domain controllers in normal mode will
not reduce the amount of space used by Active Directory.
Objective 2: "Installing, Configuring, Managing,
Monitoring, and Troubleshooting DNS for Active Directory"
4. You are in the process of migrating your Windows NT 4.0 network to
Windows Server 2003. The network consists of three domains that are
configured in a complete trust domain model. Each domain contains a
single Windows NT 4.0 primary domain controller, two Windows NT 4.0
backup domain controllers and a single UNIX DNS server that runs BIND
version 8.2. The Windows Server 2003 migration will involve combining
the three domains into a single Windows Server 2003 domain. Windows
Server 2003 DNS servers must be configured to enable incremental zone
transfers and secure dynamic updates. You want to keep the UNIX DNS
servers running in the new Windows Server 2003 domain.
Which of the following DNS strategies should you use
for the new domain?
A. A Standard primary zone
B. A Standard secondary zone
C. An Active Directory integrated zone
D. A Delegated zone
Answer: C
In this scenario, you should configure an Active Directory-integrated
zone for the new domain. UNIX DNS servers using BIND
are recognized by the Windows Server 2003 DNS service.
UNIX DNS using BIND version 8.1.2 or later support
dynamic updates. However, they do not support dynamic
updates. You should configure the UNIX DNS servers
in this scenario as standard secondary DNS servers.
By configuring the Windows Server 2003 DNS servers
with an Active Directory-integrated zone, you will
enable secure dynamic updates to occur.
Standard primary zones and standard secondary zones
only support dynamic updates.
Because only one DNS zone will exist with your new
network configuration, delegated zones would be useless
to you.
Note: To use any implementation of DNS other than
Windows Server 2003, that DNS should support following
requirements:
1) It must support SRV Records (Service Resource Records). This requirement
is mandatory.
2) It may support DDNS (Dynamic DNS Updates). This is recommended.
3) It may support incremental zone transfer.
Objective 2: "Installing, Configuring, Managing,
Monitoring, and Troubleshooting DNS for Active Directory"
5. You are the network administrator for a company named TriDesign. The
TriDesign network consists of a single Windows Server 2003 domain.
Your company has just purchased another company named Digitech. Digitech's
network consists of a single Windows NT 4.0 domain. No plan has been
made to migrate Digitech's network to Windows Server 2003. You want
resources in both domains to be accessible by either domain.
What kind of trust should you create in order to accomplish
your objective?
A. Shortcut trust
B. Transitive trust
C. External trust
D. Kerberos trust
Answer: C
To enable both domains to access resources in each
domain, you should manually create two one-way external
trust relationships. Create one of the trust relationships
from the Windows Server 2003 domain. The other trust
relationship must be created from the Windows NT 4.0
domain. Use the Active Directory Domains and Trusts
console to create the trust relationship from the Windows
Server 2003 domain. You would also use an external
trust relationship between two separate Windows Server
2003 forests. External trusts are not transitive.
Shortcut trusts can be created between Windows Server
2003 domains within the same forest. They are used
to improve authentication response time.
Transitive trusts can best be described using an analogy
as shown in the following example. Domain A trusts
Domain B. Domain B trusts Domain C. Therefore, Domain
A trusts Domain C. Since you have not migrated Digitech's
Network to Windows Server 2003, you cannot use the
transistive trust.
The Kerberos protocol is used for Windows Server 2003
authentication between client and servers. It is also
the default protocol used in Windows Server 2003 trust
relationships.
Objective 2: "Installing, Configuring, Managing,
Monitoring, and Troubleshooting DNS for Active Directory"
|
